It has been nearly 7 years since we last saw a PS3 Official Firmware exploited (3.55 being the last), which predates many PS3 models and is why those later Slim & SuperSlim models could never install Custom Firmware (CFW) and/or downgrade. However, that could all change, as a team of three has been developing a new project (a 4.81 OFW exploit) called PS3Xploit. "Unhackable PS3 models" will become a term of the past; the exploit is not quite there yet, but a HENkaku (Vita) style hack is very plausible. Currently the exploit has enabled flash dumps on all consoles, with write access to flash next: the unhackables (25xx and later) will not be able to write, but all earlier PS3s will, which means goodbye hardware flashers and hello software downgraders. The team consists of psx-place's very own @bguerville, @esc0rtd3w and W, who together form the team behind PS3Xploit.

The theory behind the project started when bguerville was looking through some of the WebKit source code (for unrelated research) and stumbled on a discovery; a discussion was then formed here on the psx-place forums with theories on how the PS3 could be attacked using his findings. As time passed the team formed and an idea became a full-fledged project in development, and a request came to temporarily remove the said discussion, as the idea had spawned a project with a lot of potential. Sadly this is not ready for release quite yet (but soon); while we know it is working, additional development is needed to make it complete. The team has a target of Q1 2018 for the release of the exploit.

Recently team member esc0rtd3w announced the tentative release date on another forum, and it seems some were so grateful that they decided to intrude on and breach his MEGA account and leak what they thought was the exploit or a key component, but which was only a small puzzle piece of the entire thing and quite useless by itself. The good news is that it did not harm the project or discourage the development team behind PS3Xploit. However, esc0rtd3w did lose some personal files, and the community also lost the huge collection of NoPSN apps for the PS3. But don't cancel those subscription services just yet, as esc0rtd3w is in the process of re-uploading the collection; you can follow the progress here.

Also, I have been personally told by the team that some of the details being reported elsewhere are not 100% accurate, but rest assured we have first-hand information about this upcoming exploit and we will set the record straight and keep you flowing with the facts as they become available. bguerville has provided us with some details about this release and also tells us what they plan to release first, which is coming in the next 24 hours in the form of an IDPS dumper for 4.81 (all PS3 models). (UPDATE >> Released)

I started investigating the ps3 webkit about 6/7 months ago, but at the time it was only to gather information; I had no idea I would eventually be the one working on it!

End of August, I gave the information I had to esc0rtd3w & expected he would work on it alone. However, he knew nothing about webkit exploitation & he started to collaborate with W. By hijacking webkit, we inherit its privileges, which means we are root & we get access to lv2 syscalls. However, the ps3 OS is protected by NX (No eXecute, the bsd/linux equivalent of DEP on Windows); there is no address randomisation though. Executing our own payload is made impossible by NX, but we can still execute code despite NX using ROP (Return Oriented Programming).
The principle is simple: select snippets from the system code (snippets like these are called gadgets) & assemble them so execution jumps from one gadget to the next until the task we planned is done. It requires providing values/parameters & offsets to each gadget instruction as well...
First week of September, I joined their effort & 2 weeks later we had ROP execution.
From that moment, I have been doing all the ROP development work alone while the other 2 helped with testing & researching (and debugging for esc0rtd3w).
Right now I have 2 ROP chains ready, one for idps dumping & the other for flash memory dumping.

The next part of the job is to modify the flash dumper into a flash writer.
When that is done & released, ps3 hardware flashers will have become mostly obsolete.

FYI, the idps dumper should work on any nor/nand model of ps3. Same goes for the flash memory dumper.

It was tested ok on superslim.

Once the ROP work above is finished, there is much more to be done & hopefully more releases to come...

Stay tuned.....
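As an added illustration of the gadget-chaining principle bguerville describes (not PS3Xploit's code, and using a constructed gadget table rather than any real system addresses), here is a small model of how a chain of return addresses drives execution through pre-existing code without ever running bytes from the stack, together with the shadow-stack check that is the usual reason such chains are detectable:

```python
class ShadowStackViolation(Exception):
    """Raised when a return lands where no recorded call points."""


# Constructed gadget table: address -> micro-ops.  Every gadget ends in "ret",
# which is what lets the stack drive execution from one gadget to the next.
GADGETS = {
    0x1000: [("pop", "r3"), ("ret",)],        # pop r3 ; ret
    0x1004: [("pop", "r4"), ("ret",)],        # pop r4 ; ret
    0x1008: [("add", "r3", "r4"), ("ret",)],  # r3 = r3 + r4 ; ret
    0x100C: [("store", "r3"), ("ret",)],      # output = r3 ; ret
}


def run_chain(chain, shadow_stack=None):
    """Execute `chain` as the corrupted stack found at a hijacked return.

    Nothing in `chain` is executed as code, only GADGETS is, which is why an
    NX policy on the stack does not stop it.  If `shadow_stack` (addresses
    pushed by legitimate calls, most recent last) is given, every return is
    checked against it and a mismatch aborts the chain.
    """
    regs = {"r3": 0, "r4": 0}
    output = None
    pc, sp = chain[0], 1
    while True:
        if shadow_stack is not None:
            expected = shadow_stack.pop() if shadow_stack else None
            if expected != pc:
                raise ShadowStackViolation(f"return to {pc:#x}, call recorded {expected}")
        for op in GADGETS[pc]:
            if op[0] == "pop":                # operand is read off the stack
                regs[op[1]], sp = chain[sp], sp + 1
            elif op[0] == "add":
                regs[op[1]] += regs[op[2]]
            elif op[0] == "store":
                output = regs[op[1]]
            else:                             # "ret": next gadget address
                if sp >= len(chain):
                    return output             # chain exhausted
                pc, sp = chain[sp], sp + 1
                break


# Constructed chain computing 5 + 7 with code the "system" already contains.
ADD_CHAIN = [0x1000, 5, 0x1004, 7, 0x1008, 0x100C]


def chain_is_detected(chain, legitimate_return=0x2000):
    """True if a shadow stack holding only the genuine return rejects `chain`."""
    try:
        run_chain(chain, shadow_stack=[legitimate_return])
    except ShadowStackViolation:
        return True
    return False
```

Even if the first gadget address happened to equal the genuine return, the second return would still match nothing on the shadow stack, which is why the check catches the chain regardless of where it starts.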

The Current Status

For now the main project we are working on will not jailbreak all consoles.

It will enable flash dumps from all consoles but flash write only to consoles up to 25xx, so consoles that are not cfw compatible will not really benefit just yet, except for dumping flash & idps but not for JB.

For those with cfw compatible consoles on ofw, once flash is overwritten with a db ofw copy, a user can reboot then install the cfw of their choice. Hardware flashers will then be obsolete. You could also overwrite the flash memory in more recent consoles, but that would result in a brick due to metldr2.

It's only after that flash management project is done, hopefully in March, that we will begin working on exploiting lv2. If we get the results we wish, we should be able to make a TaiHEN type of hack for all consoles including superslims.

Once lv2 is exploited, I am not sure yet how far I will take it, whether I will also try to take on lv1, or leave it for someone else to build on by releasing a fully commented & dev friendly version... We will see how things go...

However, even without lv1, direct access to lv2 functions using the right parameters would allow us to run homebrews (except those needing lv1 peek/poke) & backups without problems, along with many other things.

I figured I would add this (tab) to collect some news and threads related to this project that have arisen after this article.

Stay tuned to psx-place.com as this story develops, we have the inside scoop on all the details as they flow. This is a huge breakthrough for the PS3 Community and will only progress from here on out!!!

UPDATE (5-20-2019): Version 2.1.1 has been released. See below for additional details! Here is v2 of the latest PS3 hack to hit the PS3 scene with the recent release of PS3HEN. This exploit for non-CFW consoles provides homebrew support and a number of Custom Firmware intangibles for those consoles that cannot install a traditional CFW, those being late-production PS3 Slim models and all of the SuperSlim consoles. While this is a tremendous release and breakthrough, the information behind PS3HEN has been lacking and has raised more questions than could be answered. This is due to the way it was delivered and presented. We paused reporting this on the front page until we were pleased with the documentation. So we took it upon ourselves to get the ball rolling on a new PS3HEN F.A.Q. detailing various aspects and info that will be useful for PS3HEN users. Also we have started forming the PS3HEN Homebrew & Plugin Compatibility Chart.

Version 2.x.x has come with a number of new additions for a better experience. Some of the new changes provide full PS3ISO support, as well as full BDISO and DVDISO support, plus new improvements to PS3HEN's stabili

Following up on the announcement from @TheFloW back at the end of March this year, today @TheFloW "let the cat out of the bag" by releasing his newest jailbreak for the PlayStation Vita, which will allow you to jailbreak both your PlayStation Vita and PlayStation TV even on the newest system firmwares 3.69 and 3.70 (which could not be jailbroken before). But not only that: while you can jailbreak your devices on the specific system firmwares mentioned before, you can also downgrade your PlayStation Vita / TV to a lower firmware to get the full potential of your device, as with the famous hacks and exploits on system firmware 3.60 (such as HENkaku and modoru) and 3.65/3.67/3.68 (such as h-encore). So while you have probably already been prepared for this release since the first announcement, and since @TheFloW was so kind as to release his final jailbreak even earlier than previously announced, we won't keep you on tenterhooks any longer. Here is everything you need to know.

Month after month, the great team behind the RPCS3 PS3 emulator shows more and more improvements in their work on their PS3 emulator, as they did of course for March 2019, which you can check in their newest Progress Report. In fact, maybe this month is a little bit too technical when reading through their release notes, but don't worry: you will again realize how good this PS3 emulator has become and how it is getting even better month after month. But one new improvement we have to point out is the new native support for the DualShock 3 controller when used within RPCS3. You might be wondering why this new implementation comes so late. Well, there were already plenty of third-party drivers, but none of them worked perfectly, and the team behind RPCS3 wanted to give you the best experience for playing your PS3 game titles. So, since you probably played your PS3 games with the original DualShock 3 controller on your original PS3 hardware, they thought about allowing the same on your PC while playing your favourite PS3 game titles using RPCS3, and implemented native support for the DualShock 3 controller, as you would use it on your original PS3 hardware. Kinda neat, isn't it?

Being realistic... the leak started like a race, but a bad one. Now there must be some people taking a look at how it works, and after tomorrow's release they will have another "sample" to experiment with.
Some will do it in a good way just for curiosity's sake, and others will be considering whether they have time to build something from it and release it to say "I was the first one" to boost their ego.

For you there is not much hurry though, because you are probably at a much more advanced stage with the other tools and you know the exploit environment well enough, so you are more advanced than them and you can continue advancing faster than anyone.

The leak pushes you into working faster at the worst point of the development, when the code needs to be cleaned, but after tomorrow's release you can take some time to clean files and deal with what happened with the leak shit; if all that caused a bit of delay for the release of other tools, it's ok, we can wait.

Amazing, I'll be waiting for the eMMC release. Do you think it would take a lot or a couple of days?

They explained the problem with eMMC: it is not possible to access it yet because the device identifier is unknown.
After knowing that, two things could happen:
-All will work flawlessly like in the other PS3 models, and the code will not need to be modified much, so it will be implemented very fast
-Some unexpected problems could appear

Nobody was able to access eMMC unofficially by software before, so it is not possible to know.
My guess is the hypervisor is going to work in our favour this time by doing the dirty job of mapping devices and virtualizing them, so probably the eMMC is accessed like the other flash device types... and the HDD region in it like a generic HDD device too.

They said that would hold them back with flashing, but because the IDPS is 16 bytes they won't need the device identifier.

How do you open the exploit on the PS3? Can you tell me exactly how, as I am a noob at hosting stuff.

Start off by installing Python into the PS3 IDPS dumper folder and then install everything else in the same folder as well. Then click on the .bat file and it will give an IP; go to the internet browser on the PC to check, copy everything after "starting server" (all the numbers) and paste it into the URL tab, and check if it is working. Now copy the folder onto a USB and keep a copy on the PC too, plug it into the rightmost slot on the PS3, go to the PS3 browser, enter the URL by pressing Start, enter the IP they gave with the :XXXX as well, and try dumping if it loads.

@sandungas is correct.
I said the device ID was necessary for both the IDPS & flash dumper; what's different is the amount of testing to do for one & for the other... IDPS will be more quickly done than the dumper, that's all I meant.

Sorry, I misunderstood. How long do you think you guys will take to be able to dump the IDPS on eMMC?
